Lucene search

8 matches found

Tenable Nessus
added 2026/05/07 12:0 a.m., 3 views

PaperCut MF < 24.1.9 / 25.x < 25.0.10 Race Condition (CVE-2026-6180)

The version of PaperCut MF installed on the remote Windows host is prior to 24.1.9 or 25.x prior to 25.0.10. It is, therefore, affected by a vulnerability: - A race condition exists in PaperCut NG/MF when processing badge-swipe data from certain HP multifunction devices. Under specific network...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00105
Exploits: 0, References: 2
EUVD
added 2026/05/05 9:31 a.m., 1 views

EUVD-2026-27231

A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notificatio...

CVSS: 4.1, AI score: 5.8, EPSS: 0.00105
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/05 6:19 a.m., 1 views

CVE-2026-6180

A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notificatio...

CVSS: 4.1, AI score: 5.8, EPSS: 0.00105
Exploits: 0, References: 2
Cvelist
added 2026/03/12 6:13 p.m., 22 views

CVE-2026-32230 Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status page

Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3, the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query...

CVSS: 5.3, EPSS: 0.00782
Exploits: 1, References: 5
Github Security Blog
added 2026/03/12 2:47 p.m., 6 views

Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status page

Summary: The GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query before returning data. The ping endpoint skips this check entirely,...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00782
Exploits: 1, References: 7, Affected Software: 1
RedhatCVE
added 2026/01/27 3:23 p.m., 2 views

CVE-2025-59099

The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00389
Exploits: 0, References: 1
CVE
added 2026/01/26 10:5 a.m., 7 views

CVE-2025-59099

The CVE-2025-59099 issue concerns the Access Manager using CompactWebServer (C#). A path traversal flaw allows unauthenticated GET requests to directly access files, enabling retrieval of any files on the file system, including the SQLite database Database.sq3 with badge data and PINs. Certain fi...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00389
Exploits: 0, References: 3
EUVD
added 2026/01/26 10:5 a.m., 1 views

EUVD-2025-206363

The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00389
Exploits: 0, References: 3